May 3, 2022

Fortify Security Team

Title: Aruba and Avaya Network Switches are Vulnerable to RCE Attacks
Date Published: May 3, 2022

Excerpt: “Security researchers have discovered five vulnerabilities in network equipment from Aruba (owned by HP) and Avaya (owned by ExtremeNetworks), that could allow malicious actors to execute code remotely on the devices. The damage caused by a successful attack ranges from data breach and complete device takeover to lateral movement and overriding network segmentation defenses.”

Title: China-linked Moshen Dragon Abuses Security Software to Sideload Malware
Date Published: May 3, 2022

Excerpt: “A China-linked APT group, tracked as Moshen Dragon, has been observed targeting the telecommunication sector in Central Asia with ShadowPad and PlugX malware, SentinelOne warns. Both PlugX and ShadowPad malware are very common among China-linked cyberespionage groups. Experts observed overlap between the TTPs of the Moshen Dragon group with the ones of the Chinese Nomad Panda (aka RedFoxtrot).”

Title: Mozilla: Lack of Security Protections in Mental-Health Apps Is ‘Creepy’
Date Published: May 3, 2022

Excerpt: “While they have good intentions to foster mental health and spiritual wellness, the majority of mental-health and prayer apps can harm their users in other ways by exposing personal and intimate data due to a severe lack of security and privacy protections, researchers from Mozilla have found. Of 32 mental-health and prayer mobile apps investigated by the open-source organization, 28 were found to be inherently insecure and slapped with a “Privacy Not Included” label, according to a report of the same name published online this week. Moreover, 25 apps failed to meet Mozilla’s Minimum Security Standards, such as requiring strong passwords and managing security updates and vulnerabilities, researchers said.”

Title: CMS-Based Sites Under Attack: The Latest Threats and Trends
Date Published: May 3, 2022

Excerpt: “Payment card skimmers are becoming more common in exploit kits affecting WordPress websites and attackers are spending more time customizing them to avoid detection, Sucuri’s latest research report has revealed. “Unlike most compromises we see, skimming attacks are more often targeted rather than opportunistic,” the company added, and said that they expect skimmers to play an even larger role in website infections in 2022.”

Title: Russia to Rent Tech-Savvy Prisoners to Corporate IT?
Date Published: May 2, 2022

Excerpt: “Faced with a brain drain of smart people fleeing the country following its invasion of Ukraine, the Russian Federation is floating a new strategy to address a worsening shortage of qualified information technology experts: Forcing tech-savvy people within the nation’s prison population to perform low-cost IT work for domestic companies. Multiple Russian news outlets published stories on April 27 saying the Russian Federal Penitentiary Service had announced a plan to recruit IT specialists from Russian prisons to work remotely for domestic commercial companies.”

Title: AvosLocker Ransomware Variant Using New Trick to Disable Antivirus Protection
Date Published: May 2, 2022

Excerpt: “Cybersecurity researchers have disclosed a new variant of the AvosLocker ransomware that disables antivirus solutions to evade detection after breaching target networks by taking advantage of unpatched security flaws. “This is the first sample we observed from the U.S. with the capability to disable a defense solution using a legitimate Avast Anti-Rootkit Driver file (asWarPot.sys),” Trend Micro researchers, Christoper Ordonez and Alvin Nieto, said in a Monday analysis.”

Title: Audit Finds SSRF Vulnerability in VMware Workspace One UEM
Date Published: May 2, 2022

Excerpt: “In conducting audits on VMWare Workspace One UEM, the popular mobile device management software, researchers last week reported they found a pre-authentication vulnerability that let them make arbitrary HTTP requests, including requests with any HTTP method and request body. In a blog post by Assetnote said to exploit this server side request forgery (SSRF), the researchers wrote they had to reverse engineer the encryption algorithm used by Workspace One UEM.”

Title: Google Offers $1.5M Bug Bounty for Android 13 Beta
Date Published: May 2, 2022

Excerpt: “Google has expanded its bug-bounty program to offer a whopping $1.5 million for a top-notch Android 13 Beta exploit – specifically, for a hack of the Titan M security chip that ships with Pixel phones. Android 13 Beta became available last week to developers and early adopters, with Google promising an outsized focus on privacy and security. It apparently aims to deliver in that department, if the bounty bump is any indication.”

Title: Unpatched DNS bug Affects Millions of Routers and IoT Devices
Date Published: May 3, 2022

Excerpt: “A vulnerability in the domain name system (DNS) component of a popular C standard library that is present in a wide range of IoT products may put millions of devices at DNS poisoning attack risk. A threat actor can use DNS poisoning or DNS spoofing to redirect the victim to a malicious website hosted at an IP address on a server controlled by the attacker instead of the legitimate location.”

Title: Car Rental Company Sixt Hit by a Cyberattack that Caused Temporary Disruptions
Date Published: May 3, 2022

Excerpt: “The car rental company Sixt detected IT anomalies on April 29th, 2022 and immediately activated the incident response procedures. Later, the company confirmed that it was hit by a cyber-attack that was quickly contained, but that caused temporary business disruptions at customer care centers and selective branches.”
